You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2010/05/28 14:06:36 UTC
[jira] Commented: (WSS-219) empty/blank password not supported in
username token. value read by wss4j is null instead of empty string
[ https://issues.apache.org/jira/browse/WSS-219?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12872943#action_12872943 ]
Colm O hEigeartaigh commented on WSS-219:
-----------------------------------------
I'm going to mark this as won't-fix. I've added tests to WSS4J that verify that it's possible to send a blank password:
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-15" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Username>emptyuser</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"/>
</wsse:UsernameToken>
> empty/blank password not supported in username token. value read by wss4j is null instead of empty string
> ---------------------------------------------------------------------------------------------------------
>
> Key: WSS-219
> URL: https://issues.apache.org/jira/browse/WSS-219
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.5.8
> Environment: Windows/ Solaris
> Reporter: kumar ashutosh
> Assignee: Ruchith Udayanga Fernando
> Priority: Minor
>
> for noraml user name token password mechanism
> if client sets:
> user name = "user1"
> password="" // empty string
> Then WSS4j processes it as null. instead it should process it as empty string of size 0 or throw exception as it does in case of username= null
> password= " "// blank string with size>0
> Then it works fine.
> note: for password disgest empty password is replaced by default digest.
> It seems that the password is default initialized to null and is not being reinitialized if string size 0.
> Appropriate correction or exc4eption mechanism suggested
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org